When configuring syslog SSO, which three actions must you take, in addition to enabling the syslog SSO method? (Choose three.)

1. A. Enable syslog on the FortiAuthenticator interface.
2. B. Define a syslog source.
3. C. Select a syslog rule for message parsing.
4. D. Set the same password on both the FortiAuthenticator and the syslog server.
5. E. Set the syslog UDP port on FortiAuthenticator.

Correct Answer: BCE
To configure syslog SSO, three actions must be taken, in addition to enabling the syslog SSO method:
Define a syslog source, which is a device that sends syslog messages to FortiAuthenticator containing user logon or logoff information.
Select a syslog rule for message parsing, which is a predefined or custom rule that defines how to extract the user name, IP address, and logon or logoff action from the syslog message.
Set the syslog UDP port on FortiAuthenticator, which is the port number that FortiAuthenticator listens on for incoming syslog messages.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/single-sign-on#syslog-s

How can a SAML metada file be used?

1. A. To defined a list of trusted user names
2. B. To import the required IDP configuration
3. C. To correlate the IDP address to its hostname
4. D. To resolve the IDP realm for authentication

Correct Answer: B
A SAML metadata file can be used to import the required IDP configuration for SAML service provider mode. A SAML metadata file is an XML file that contains information about the identity provider (IDP) and the service provider (SP), such as their entity IDs, endpoints, certificates, and attributes. By importing a SAML metadata file from the IDP, FortiAuthenticator can automatically configure the necessary settings for SAML service provider mode.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/saml-service-provider#

An administrator wants to keep local CA cryptographic keys stored in a central location.
Which FortiAuthenticator feature would provide this functionality?

1. A. SCEP support
2. B. REST API
3. C. Network HSM
4. D. SFTP server

Correct Answer: C
Network HSM is a feature that allows FortiAuthenticator to keep local CA cryptographic keys stored in a central location. HSM stands for Hardware Security Module, which is a physical device that provides secure storage and generation of cryptographic keys. Network HSM allows FortiAuthenticator to use an external HSM device to store and manage the private keys of its local CAs, instead of storing them locally on the FortiAuthenticator device.
References:
https://docs.fortinet.com/document/fortiauthenticator/6.4.0/administration-guide/906179/certificate-management

Which two statements about the EAP-TTLS authentication method are true? (Choose two)

1. A. Uses mutual authentication
2. B. Uses digital certificates only on the server side
3. C. Requires an EAP server certificate
4. D. Support a port access control (wired) solution only

Correct Answer: BC
EAP-TTLS is an authentication method that uses digital certificates only on the server side to establish a secure tunnel between the server and the client. The client does not need a certificate but can use any inner authentication method supported by the server, such as PAP, CHAP, MS-CHAP, or EAP-MD5. EAP-TTLS requires an EAP server certificate that is issued by a trusted CA and installed on the FortiAuthenticator device acting as the EAP server. EAP-TTLS supports both wireless and wired solutions for port access control. References: https://docs.fortinet.com/document/fortiauthenticator/6.4/administration-guide/372412/eap-ttls

Which of the following is an OATH-based standard to generate event-based, one-time password tokens?

1. A. HOTP
2. B. SOTP
3. C. TOTP
4. D. OLTP

Correct Answer: A